package com.shiro;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

/**
 * 功能或描述：
 * Package com.shiro
 * Author: DR.YangLong
 * Date: 14-10-8
 * Time: 上午9:41
 * Email: 410357434@163.com
 * Version: 1.0
 * Module: 修正:            日期：
 */
public class MyFormFilter extends FormAuthenticationFilter {
    @Override
    protected boolean executeLogin(ServletRequest request, ServletResponse response) throws Exception {
        System.out.println("12311");
        return super.executeLogin(request, response);
    }

    /**
     * 此方法执行后会调用doUpdate(Sesison session)方法
     * @param token
     * @param subject
     * @param request
     * @param response
     * @return
     * @throws Exception
     */
    @Override
    protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request, ServletResponse response) throws Exception {
        System.out.println(subject.getSession().getId());
       String realmName= subject.getPrincipals().getRealmNames().iterator().next();
        User user=(User)subject.getPrincipals().fromRealm(realmName).iterator().next();
     /**
         * 可获取用户ID，session id放入队列中，用户登录时判断用户数量以进行相应操作
         * 禁止后来用户进行登录直接在此filter中可做
         * 如果需要更加强大的踢人操作，可扩展另外一个filter，加入到shiro的filterchain，在此filter之后进行相应
         * 的用户session和id队列存取操作，以及使用sessionDAO对另外的在线用户进行session的删除
         */
        return super.onLoginSuccess(token, subject, request, response);
    }

    @Override
    protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, ServletRequest request, ServletResponse response) {
        System.out.println(request.getParameterNames());
        return super.onLoginFailure(token, e, request, response);
    }
}
